package grupobbva.pe.operhc.webservice.rest.filter;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response.Status;

import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;

public class ReqFilter implements ContainerRequestFilter {
	public ReqFilter() {
		//System.out.println("ResFilter instance");
	}
	public ContainerRequest filter(ContainerRequest containerRequest) {
		//GET, POST, PUT, DELETE, ...
        String method = containerRequest.getMethod();
        // myresource/get/56bCA for example
        String path = containerRequest.getPath(true);
 
        //We do allow wadl to be retrieve
        if(method.equals("GET") && (path.equals("application.wadl") || path.equals("application.wadl/xsd0.xsd"))){
            return containerRequest;
        }
 
        //Get the authentification passed in HTTP headers parameters
        String auth = containerRequest.getHeaderValue(ContainerRequest.AUTHORIZATION);
 
        //If the user does not have the right (does not provide any HTTP Basic Auth)
        if(auth == null){
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
 
        //lap : loginAndPassword
        String[] lap = BasicAuth.decode(auth);
 
        //If login or password fail
        if(lap == null || lap.length != 2){
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
 
        //DO YOUR DATABASE CHECK HERE (replace that line behind)...
        //User authentificationResult =  AuthentificationThirdParty.authentification(lap[0], lap[1]);
        System.out.println("lap[0]:"+lap[0]);
        System.out.println("lap[1]:"+lap[1]);
 
        //Our system refuse login and password
        if(!(lap[0].equals("test") && lap[1].equals("test"))){
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
 
        //TODO : HERE YOU SHOULD ADD PARAMETER TO REQUEST, TO REMEMBER USER ON YOUR REST SERVICE...
 
        //-------------------------------------------------------------------------------
        // OAuth 1.0 --------------------------------------------------------------------
        //-------------------------------------------------------------------------------
        /*
        OAuthServerRequest request = new OAuthServerRequest(containerRequest);
        OAuthParameters params = new OAuthParameters();
        params.readRequest(request);
        
        // Set the secret(s), against which we will verify the request
        OAuthSecrets secrets = new OAuthSecrets();
        // ... secret setting code ...
        
        // Check that the timestamp has not expired
        String timestampStr = params.getTimestamp();
        // ... timestamp checking code ...
        
        // Verify the signature
        try {
            if(!OAuthSignature.verify(request, params, secrets)) {
                throw new WebApplicationException(401);
            }
        } catch (OAuthSignatureException e) {
            throw new WebApplicationException(e, 401);
        }
        */
        
        
        return containerRequest;
    }

}
